Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

7

f9135f3216...0N.exe

windows7-x64

9

f9135f3216...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    18/08/2024, 16:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f9135f3216c2ee3b0afedf06c74c6230N.exe

  • Size

    24KB

  • MD5

    f9135f3216c2ee3b0afedf06c74c6230

  • SHA1

    97de6bd99cbc25b1c9c69b5578879426b1a8c9e4

  • SHA256

    16497ebf6c1939d90f685c2cf7cff2b2b9e2a77ae19822d112a0a166e98c7d60

  • SHA512

    f373a996cdc64dc6463438637c3833cd3839eebb5571c21c89b140961ca886b6a02e976d5a6923a916d6a7775cb62cf13f5c7ee107f5ea1ff7f6c815e851767b

  • SSDEEP

    384:QOlIBXDaU7CPKK0TIhfJJ1Evd5BvhzaM9mSIEvd5BvhzaM9mSsxmMxm9+9TNYmAE:kBT37CPKKdJJ1EXBwzEXBwdcMcI9T+MD

Score
9/10
discoveryransomwareupx

Malware Config

Signatures

  • Renames multiple (3447) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\f9135f3216c2ee3b0afedf06c74c6230N.exe
    "C:\Users\Admin\AppData\Local\Temp\f9135f3216c2ee3b0afedf06c74c6230N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2300

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3450744190-3404161390-554719085-1000\desktop.ini.tmp
    Filesize

    24KB

    MD5

    1d7bc55e0d0052d9f09611def695ddcc

    SHA1

    d6ebb58338fc7ae4b9cd873f81475de6f82b0f48

    SHA256

    b4d849703c7d14e3b164d3a1da2af9643c54ba2481628ceca6480036cc61396c

    SHA512

    e68b3f63f70e26b1ebac269e435d9ef99903a7fefd6801273ba3e19a93991fe786f4376a65594f879360044e88e2658439483aef6698dd1b6498fbe149e7af76

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    33KB

    MD5

    bf488df21c7f7e66be9c3700b0de55b4

    SHA1

    9d00c0398c7c2c24d3dc95de62e0b799c72a5137

    SHA256

    932c9b66109a18d1809a1f3f83ea512a04c04d9df4bb9c93b4b209f3d42f91e9

    SHA512

    7b8b5e1bd197e677973e42163a7c96d9aa185b46e549fea6ece3cf1d0462f2f81a1c770457a55216dbedcbed837ad5123e18af1931b6e9b88f60b1f8a6337054

    Download Submit

  • memory/2300-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2300-75-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download